Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F3766176
D3432.id8857.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
3 KB
Referenced Files
None
Subscribers
None
D3432.id8857.diff
View Options
diff --git a/roles/monitoring/checks/files/check-github-storage.py b/roles/monitoring/checks/files/check-github-storage.py
new file mode 100755
--- /dev/null
+++ b/roles/monitoring/checks/files/check-github-storage.py
@@ -0,0 +1,107 @@
+#!/usr/bin/env python3
+
+# -------------------------------------------------------------
+# Monitoring :: GitHub :: storage quota
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Description: Query storage quota on GitHub API
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import os
+import sys
+
+import hvac
+import requests
+import yaml
+
+
+VAULT_CERTIFICATE = "/usr/local/share/certs/nasqueron-vault-ca.crt"
+
+ORG = "nasqueron"
+STORAGE_THRESHOLD = 8
+
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def get_config_path():
+ # As long as we deploy primary servers on FreeBSD,
+ # this path is stable.
+ return "/usr/local/etc/monitoring/vault.conf"
+
+
+def load_config():
+ with open(get_config_path()) as fd:
+ return yaml.safe_load(fd)
+
+
+# -------------------------------------------------------------
+# Fetch credential from Vault
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def connect_to_vault():
+ config = load_config()
+
+ client = hvac.Client(url=config["vault"]["url"], verify=VAULT_CERTIFICATE)
+ response = client.auth.approle.login(
+ role_id=config["vault"]["auth"]["role_id"],
+ secret_id=config["vault"]["auth"]["secret_id"],
+ )
+
+ return client
+
+
+def read_github_token(vault_client):
+ secret = vault_client.secrets.kv.read_secret_version(
+ mount_point="apps",
+ path="monitoring/github/token",
+ raise_on_deleted_version=True,
+ )
+
+ return secret["data"]["data"]["password"]
+
+
+# -------------------------------------------------------------
+# GitHub :: shared storage billing
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def query_storage(org, token):
+ url = f"https://api.github.com/orgs/{org}/settings/billing/shared-storage"
+ headers = {
+ "Accept": "application/vnd.github+json",
+ "Authorization": f"Bearer {token}",
+ "X-GitHub-Api-Version": "2022-11-28",
+ }
+ response = requests.get(url, headers=headers)
+
+ return response.json()
+
+
+# -------------------------------------------------------------
+# Application entbry point
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def run():
+ vault_client = connect_to_vault()
+ token = read_github_token(vault_client)
+
+ storage = query_storage(ORG, token)
+ used = int(storage["estimated_storage_for_month"])
+
+ print(f"GitHub shared storage used (GB): {used}")
+
+ if used >= STORAGE_THRESHOLD:
+ exit(2)
+
+ exit(0)
+
+
+if __name__ == "__main__":
+ run()
diff --git a/roles/vault/policies/files/monitoring.hcl b/roles/vault/policies/files/monitoring.hcl
new file mode 100644
--- /dev/null
+++ b/roles/vault/policies/files/monitoring.hcl
@@ -0,0 +1,18 @@
+# -------------------------------------------------------------
+# Vault configuration - Policy for monitoring
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/vault/policies/files/monitoring.hcl
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+path "apps/data/monitoring/github/token" {
+ capabilities = [ "read" ]
+}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, Nov 23, 16:51 (18 h, 42 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2258469
Default Alt Text
D3432.id8857.diff (3 KB)
Attached To
Mode
D3432: Check GitHub account storage usage
Attached
Detach File
Event Timeline
Log In to Comment